/*
package com.adingxiong.cft.fliter;

import com.adingxiong.cft.common.entity.ImageCode;
import com.adingxiong.cft.errors.Assert;
import com.adingxiong.cft.errors.ValidateCodeException;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.social.connect.web.HttpSessionSessionStrategy;
import org.springframework.social.connect.web.SessionStrategy;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.ServletRequestBindingException;
import org.springframework.web.bind.ServletRequestUtils;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

import static org.apache.http.nio.reactor.ssl.SSLIOSession.SESSION_KEY;

*/
/**
 * @ClassName ValidateCodeFilter
 * @Description Spring Security实际上是由许多过滤器组成的过滤器链，
 * 处理用户登录逻辑的过滤器为UsernamePasswordAuthenticationFilter，而验证码校验过程应该是在这个过滤器之前的，
 * 即只有验证码校验通过后采去校验用户名和密码。由于Spring Security并没有直接提供验证码校验相关的过滤器接口，
 * 所以我们需要自己定义一个验证码校验的过滤器ValidateCodeFilter
 *
 *
 *   也可以单独写一个验证码验证的请求
 * @Author xiongchao
 * @Date 2020/10/15 14:08
 **//*

@Component
public class ValidateCodeFilter extends OncePerRequestFilter {

    @Autowired
    private AuthenticationFailureHandler authenticationFailureHandler;

    private SessionStrategy strategy = new HttpSessionSessionStrategy();

    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if(StringUtils.equalsIgnoreCase("/user/login",httpServletRequest.getRequestURI())
        && StringUtils.equalsIgnoreCase(httpServletRequest.getMethod(),"post")){
            validate(new ServletWebRequest(httpServletRequest));
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    private void validate(ServletWebRequest servletWebRequest) throws ServletRequestBindingException {
        ImageCode code = (ImageCode) strategy.getAttribute(servletWebRequest,SESSION_KEY);
        //imageCode  这个是表单提交中的参数
        String codeInRequest = ServletRequestUtils.getStringParameter(servletWebRequest.getRequest(), "imageCode");
        if(code == null){
            Assert.fail("验证码不存在");
        }
        if(StringUtils.isBlank((CharSequence) code)){
            Assert.fail("验证码为空");
        }
        if (code.isExpire()) {
            strategy.removeAttribute(servletWebRequest, SESSION_KEY);
            Assert.fail("验证码已过期");
        }
        if (!StringUtils.equalsIgnoreCase(code.getCode(), codeInRequest)) {
            Assert.fail("验证码不正确");
        }
        strategy.removeAttribute(servletWebRequest, SESSION_KEY);


    }
}
*/
